DLP does not flag email attachments in Outlook 2016 with Drag and Drop

Hi Dane Seelen,

I believe we have a reported issue with file not being flagged during drag and drop action in Outlook 2016. It would be great if you could open a support ticket and then PM the case datils for further follow-up.

Hi Dane Seelen,

I believe we have a reported issue with file not being flagged during drag and drop action in Outlook 2016. It would be great if you could open a support ticket and then PM the case datils for further follow-up.

Already did lol, I opened one with Sophos and one with Microsoft, I will paste my open response to where I am at with Microsoft below, in regards to Sophos I am scheduling a remote session with them currently to look further into the issue.

To Microsoft~

I have attempted this again, without AV, with AV, newly installed outlook & re-completed the registry changes in the GPO just to be sure, basically I started from scratch.  The computer was fully updated running the latest Outlook/Sophos and Windows 10 Pro Updates.

I applied the following 2 registry changes via GPO to the computer in question

• HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

• HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Both of which are set to alter the OutlookSecureTempFolder location to C:\Users\%username%\Desktop\Outlook

• Where I have placed a hidden folder named Outlook

I have then ran gpupdate /force and or logged in/out and or restarted the computer to apply the registry changes, (Double checking each to make sure there is no difference) the registry changes are applied, I can confirm this by checking the registry via regedit.  Once I have had them confirmed I opened procmon, then opened Outlook.  At this point I did not see anything changing the secure folder location in the registry, I refreshed and even reopened Regedit to make sure the folder path had not changed and still was  C:\Users\%username%\Desktop\Outlook, I then opened a new email and again nothing changing, repeated the process of reopening regedit to confirm, however once I drag and drop an attachment into an email.

 Procmon shows Outlook.exe  doing a RegSetValue to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder which alters the folder back too-

C:\Users\%username%\AppData\Local\Microsoft\Widnows\INetChache\Content.Outlook\2I9V31IT

 What I am trying to figure out is what value in Outlook is re-writing this piece of registry code so that I can have it remain to C:\Users\%username%\Desktop\Outlook

The response I got back was they are waiting to speak with a Microsoft Engineer.

Also after reading through a few other forums on Sophos Community I have found that this issue also occurs if a user right clicks a file and uses the send as option built into Windows, the file is attached and DLP does not prompt anytype of alert status. 

I would assume but also will confirm if I find a fix that these two aspects are related to the folder structure that Microsoft dumps the attachments into.